π΄ Ukraine Police Disrupt Cl0p Ransomware Operation π΄
π Read
via "Dark Reading".
Growing list of similar actions in recent months may finally be scaring some operators into quitting, but threat is far from over, security experts say.π Read
via "Dark Reading".
Dark Reading
Ukraine Police Disrupt Cl0p Ransomware Operation
Growing list of similar actions in recent months may finally be scaring some operators into quitting, but threat is far from over, security experts say.
βΌ CVE-2021-34201 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34204 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32243 βΌ
π Read
via "National Vulnerability Database".
FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).π Read
via "National Vulnerability Database".
β How to hack a bicycle β Peloton Bike+ rooting bug patched β
π Read
via "Naked Security".
It's a bike, Jim, but not as we know it.π Read
via "Naked Security".
Naked Security
How to hack a bicycle β Peloton Bike+ rooting bug patched
Itβs a bike, Jim, but not as we know it.
βΌ CVE-2021-31476 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13531.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21777 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read.π Read
via "National Vulnerability Database".
β Threat Actors Use Google Docs to Host Phishing Attacks β
π Read
via "Threat Post".
Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims credentials.π Read
via "Threat Post".
Threat Post
Threat Actors Use Google Docs to Host Phishing Attacks
Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims credentials.
β S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep37: Quantum crypto, refunding Bitcoins, and Alpaca problems [Podcast]
Latest episode β listen now!
π¦Ώ Amazon Prime Day scams resurface for 2021 π¦Ώ
π Read
via "Tech Republic".
With this year's Amazon Prime Day set for June 21-22, scammers are already touting "Early Prime Day Deals," says Bolster.π Read
via "Tech Republic".
TechRepublic
Amazon Prime Day scams resurface for 2021
With this year's Amazon Prime Day set for June 21-22, scammers are already touting "Early Prime Day Deals," says Bolster.
π΄ Mission Critical: What Really Matters in a Cybersecurity Incident π΄
π Read
via "Dark Reading".
The things you do before and during a cybersecurity incident can make or break the success of your response.π Read
via "Dark Reading".
Dark Reading
Dark Reading | Security | Protect The Business
Dark Reading: Connecting The Cybersecurity Community.
βΌ CVE-2021-32946 βΌ
π Read
via "National Vulnerability Database".
An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32938 βΌ
π Read
via "National Vulnerability Database".
Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32950 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32944 βΌ
π Read
via "National Vulnerability Database".
A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32952 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32936 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34825 βΌ
π Read
via "National Vulnerability Database".
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31818 βΌ
π Read
via "National Vulnerability Database".
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isnΓ’β¬β’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables.π Read
via "National Vulnerability Database".
β CVS Health Records for 1.1 Billion Customers Exposed β
π Read
via "Threat Post".
A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration.π Read
via "Threat Post".
Threat Post
CVS Health Records for 1.1 Billion Customers Exposed
A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration.
β Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes β
π Read
via "Threat Post".
An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft's native email controls.π Read
via "Threat Post".
Threat Post
Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes
An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft's native email controls.